Malware created by North Korean hacker group invades nuclear power plant network



The international hacker group Lazarus Group (HIDDEN COBRA), which conducts cyber attacks targeting financial institutions and government agencies around the world, has been linked to North Korea. Malware created by the Lazarus Group has now been found to have invaded the network of the Kudankulam nuclear power plant in India.

NPC Admission on Malware Attack

Indian nuclear power plant's network was hacked, officials confirm | Ars Technica

Hackers Target Indian Nuclear Power Plant – Everything We Know So Far

The Kudankulam nuclear power plant is located in Tamil Nadu, at the southern tip of India, and began commercial operation in December 2014. On September 7, 2019, security expert Pukhraj Singh, a former analyst at an Indian government agency, suggested on Twitter that India had suffered a cyber attack. Furthermore, on October 28, 2019, Mr. Singh said, "There was domain control level access at Kudankulam nuclear power plant," and many Twitter users and Indian opposition politicians asked the government for an explanation.

In response, officials of the Kudankulam nuclear power plant announced on October 29, 2019, "Nuclear power plant control systems are stand-alone and are not connected to external networks or the Internet, so they are not subject to cyber attacks." However, while denying any intrusion into the control system, the statement did not say whether other parts of the plant had been attacked.

On October 30, the day after the intrusion into the control system was denied, the Indian Nuclear Power Corporation (NPCIL) acknowledged, "On the management network of Kudankulam Nuclear Power Station, we found a malware intrusion created by the Lazarus Group." The problem was "reported on 4 September 2019 by the Indian Computer Emergency Response Team (CERT-In)," said NPCIL Deputy Director AK Nema.

According to Nema, specialists promptly investigated the problem. The infected computer is used for management purposes and is isolated from the critical internal network, and the network in question seems to be continuously monitored.



The malware discovered this time is a spy tool named "DTrack", which Kaspersky's Global Research and Analysis Team found in financial institutions and research institutions in India. DTrack is believed to have been created by the Lazarus Group because it shares code with other malware used by the Lazarus Group.

DTrack acts as a spying and monitoring tool that can collect data about infected systems, record keystrokes, scan connected networks, and monitor active processes on infected computers. In addition, "ATMDtrack", another version of the malware, was used to infiltrate Indian ATMs and steal customer card data.

At the time of writing, it has not been confirmed that DTrack directly attacked the control system of the Kudankulam nuclear power plant, but there is a view that this attack was preparation for a subsequent, more critical attack. A report on cyber attacks released by the International Committee of the Red Cross in May 2019 states that "first strikes on trusted systems make subsequent attacks easy". It has also been pointed out that the attackers, while lurking in a network that is relatively easy to intrude into, may have attempted to penetrate the isolated control systems on the occasion of software updates.


in Software,   Security, Posted by log1h_ik